Create tenants, users, and roles in OpenStack Installation Guide for Ubuntu 14.04 - juno
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Low
|
Lance Bragstad | ||
openstack-manuals |
Fix Released
|
Low
|
Matt Kassawara |
Bug Description
"e. By default, the dashboard limits access to users with the _member_ role. Create the _member_ role:"
The first sentence is true, but keystone will automatically create the _member_ role if it does not exist.
I discovered this while tracking down an error: "keystone user-create" resulted in a "duplicate entry" error. The sequence is like this:
1) As described in the doc, I run "keystone role-create --name _member_". The role is created and assigned a random ID.
2) On "user-create", keystone wants to assign the _member_ role to the new user. It looks up member_role_id in keystone.conf, finds none (the member_role_id does not match the ID from step 1)
3) keystone now tries to create the _member_ role, but this fails since the name already exists.
So by not creating the "_member_" role myself, the problem is averted. That's why I'm opening a bug against docs.... another fix would be for keystone to do the lookup by name instead, but I assume the keystone team has a good reason for not doing so.
I'm using the v2 API with SQL backend.
-------
Built: 2014-12-09T01:28:32 00:00
git SHA: 6d3c276487be990
URL: http://
source File: file:/home/
xml:id: keystone-users
Changed in openstack-manuals: | |
status: | New → Confirmed |
Changed in openstack-manuals: | |
assignee: | nobody → Matt Kassawara (ionosphere80) |
importance: | Undecided → Medium |
Changed in keystone: | |
assignee: | nobody → Dolph Mathews (dolph) |
tags: | added: icehouse-backport-potential juno-backport-potential |
Changed in keystone: | |
milestone: | none → kilo-rc1 |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → Lance Bragstad (lbragstad) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-rc1 → 2015.1.0 |
This problem is also affects the guides "Create tenants, users, and roles in OpenStack Installation Guide for Red Hat Enterprise Linux 7, CentOS 7, and Fedora 20 - juno" and Create tenants, users, and roles in OpenStack Installation Guide for OpenSUSE 13.1 and SUSE Linux Enterprise Server 11 SP3 - juno"
A fix for those affected after following the current guides is to get the current key of the admin role (keystone role-list | awk '/ _member_ / {print $2}') and set that key in member_role_id in /etc/keystone/ keystone. conf